Re: [Cfrg] adopting Argon2 as a CFRG document

marshalko_gb@tc26.ru Fri, 29 January 2016 03:35 UTC

From: marshalko_gb@tc26.ru
To: Paul Grubbs <pag225@cornell.edu>
Date: Fri, 29 Jan 2016 06:34:32 +0300
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/0bmeo-WV6tsS4FvwaJY8IGxUiNQ>
Cc: "cfrg@irtf.org" <Cfrg@irtf.org>
Subject: Re: [Cfrg] adopting Argon2 as a CFRG document

I believe that we would see a sort of response to this challenge from Argon authors soon. It is quite natural to adjust security proofs to the new techniques.
Cheers,
Grigory
--
Sent from Mail.Ru for Android
Friday, 29 January 2016, 00:53 +0300, from Paul Grubbs <pag225@cornell.edu>:

>Would it be out of the question to ask the authors of Argon2 (or anybody, really) to do a more formal analysis of its space-hardness? It would be nice to have a proof (e.g. based on pebbling arguments) of some kind of time-space tradeoff for Argon2. 
>
>On Thu, Jan 28, 2016 at 3:39 PM, Grigory Marshalko  < marshalko_gb@tc26.ru > wrote:
>>Indeed, the PHC competition has significantly contributed to the design and analysis of password-hashing schemes. It's a nice mixture of crypto and engineering. So it would be desirable to wait until we understand the limits of attacks and corresponding countermeasures.
>>The article on balloon hashing is a significant step forward for understanding these issues.
>>
>>Regards,
>>Grigory Marshalko,
>>expert,
>>Technical committee for standardisation "Cryptography and security mechanisms" (TC 26)
>>www.tc26.ru
>>On 22 January 2016, 22:31, "Paterson, Kenny" < Kenny.Paterson@rhul.ac.uk > wrote:
>>> Mike,
>>>
>>> Thanks. The authors of the Argon2 design may in due course tweak their
>>> design to avoid the identified problems, or argue that they are not
>>> sufficiently worrisome to warrant a change to the design.
>>>
>>> We definitely need to factor this in to our deliberations, and we will
>>> take the time to do so. Let's see how it plays out...
>>>
>>> Regards
>>>
>>> Kenny
>>>
>>> On 22/01/2016 19:20, "Mike Hamburg" < mike@shiftleft.org > wrote:
>>>
>>>> We might want to hold off on Argon2 — at least on finalizing it — until
>>>> the team has
>>>> responded to (and hopefully mitigated) the issues mentioned at
>>>>  https://eprint.iacr.org/2016/027 . Essentially the problem is that Argon2
>>>> can be computed
>>>> in less space than advertised. The team said that they are planning a
>>>> response, cf
>>>>  http://permalink.gmane.org/gmane.comp.security.phc/3606
>>>>
>>>> Cheers,
>>>> — Mike
>>>>
>>>> On Jan 22, 2016, at 11:10 AM, Paterson, Kenny < Kenny.Paterson@rhul.ac.uk >
>>>> wrote:
>>>>
>>>> Dear CFRG,
>>>>
>>>> Having received limited feedback either way from the group (specifically,
>>>> one voice in favour), the CFRG chairs have decided to adopt
>>>>  https://tools.ietf.org/html/draft-josefsson-argon2-00 as a CFRG document.
>>>>
>>>> If you have objections or concerns, please reply to this email or directly
>>>> to CFRG chairs.
>>>>
>>>> Sincerely,
>>>>
>>>> Kenny Paterson (for the chairs)
>>>>
>>>> On 06/11/2015 11:47, "Paterson, Kenny" < Kenny.Paterson@rhul.ac.uk > wrote:
>>>>
>>>> Hi Stephen,
>>>>
>>>> Yes, the chairs are amenable to this. We've been keeping an eye on the
>>>> password hashing competition and were planning a work item in this area.
>>>>
>>>> Any comments from the group, either supporting or objecting to us adopting
>>>> this draft in the RG?
>>>>
>>>> Cheers,
>>>>
>>>> Kenny
>>>>
>>>> (for the chairs)
>>>>
>>>> On 06/11/2015 02:18, "Cfrg on behalf of Stephen Farrell"
>>>> < cfrg-bounces@irtf.org on behalf of
>>>>  stephen.farrell@cs.tcd.ie > wrote:
>>>>
>>>> The password hashing competition has a winner and some folks
>>>> in the openpgp wg are interested in using that winner. I guess
>>>> this might be better processed via cfrg if folks are amenable
>>>> to that.
>>>>
>>>> Thanks,
>>>> S.
>>>>
>>>> _______________________________________________
>>>> Cfrg mailing list
>>>>  Cfrg@irtf.org
>>>>  https://www.irtf.org/mailman/listinfo/cfrg